The TV game show “The Weakest Link” could have earned a contestant up to $1 million, but the weakest link in your cyber network could net a hacker millions and potentially cost you your business. Your suppliers can be a big profit source for you as they boost your offerings and provide services you need, yet they can also put your business at risk.

The networks of businesses and their suppliers are often connected. However, this “togetherness” presents the possibility that your suppliers could become an accomplice in the compromise of your network.

No matter how many cyber security devices you have in place, a supplier's access to your network could be the entry point for attackers to access your network and ultimately your most prized intellectual property. In short, you are only as safe as the weakest link in your online supply chain.

We have come a long way in securing our own infrastructures and networks. But the new game in town is ensuring every vendor in your supply chain has security measures in place that are equal to or better than those of your business. The security guidelines of the Gramm-Leach-Bliley Act mandate that financial institutions must contractually require their affiliated and non-affiliated third-party service providers that have access to a financial institution's customer information to protect that information.

According to the Ponemon Institute 2013 Securing Outsourced Consumer Data Report, 65% of organizations surveyed had a network security breach involving consumer data outsourced to a vendor, and 64% say it has happened more than once. In recent months, several high-profile breaches were found to have been caused by the affected organizations' vendors.

For example, the New York Times website was defaced and experienced sporadic downtime because one of its resellers responded to a spear phishing attack, which allowed hackers to steal the reseller's login credentials to the Times' network. No matter how strong your security posture is, if you are breached due to a partner's vulnerabilities, you will be seen as the weak one, as it is up to you to properly manage your risk.

Your credit union may have relationships with mortgage and insurance companies, independent sales organizations like Visa that solicit your customers, and companies that store, process or transmit cardholder data.

While you can't stop outsourcing services to third parties, you can have agreements with them that state what type of security precautions they are responsible for. No matter what the contract that vendors ask you to sign states, it is up to you to add text that ensures their security practices and policies are up to par.

When considering doing business with third-party vendors, you need to know their current network security practices and the security precautions they regularly implement. Your vendors' security standards should be just as robust as your own. An outside security company can assess a prospective vendor's risk and provide a report recommending ways to mitigate the risk.

During the RFP stage, define what security measures proposals should include. In your Service Level Agreements, make sure vendors list the processes they will follow to protect your network, and ensure that you can review their regular security test reports.

It's not just an organization's hardware and software that need to be checked. You also need to state in the contract the security training the supplier will provide for all its employees. If one of your suppliers' employees divulges information to the wrong person or loses a mobile device with your information on it, your network could be breached.

If you are breached due to a vendor and customer data may be at stake, you will need to report it to regulators and customers. If your suppliers won't meet the demands you want stated in their SLAs, use another vendor. Their carelessness could cause you to lose time, money and customers.

Tips for Securing Your Supply Chain

  • Conduct a thorough due-diligence assessment of the supplier's security infrastructure and environment, leveraging open-source intelligence. Partner with an outside security firm if you need help.
  • Insist that your suppliers provide proof of a recent penetration test and/or vulnerability scan of their network.
  • Be sure your vendors only have access to the information on your networks that they need.
  • State which party will be responsible for remediation costs and for notifying customers in case of a breach caused by the vendor.
  • Ensure that your vendor provides an employee security education and training program that new and current employees must take part in annually.
  • Include a clause in your contract stating that if the vendor fails to perform the stated security practices or does not rectify any vulnerabilities found within 30 days, you may terminate the contract.

Jeff Multz is director of North America Midmarket Sales at Dell SecureWorks in Atlanta.
